Saturday, May 27, 2006

Symantec confirms vulnerability in antivirus software

Symantec confirmed Friday afternoon a vulnerability in its Antivirus Corporate Edition software that had been discovered by security firm eEye. According to the company, a successful exploit of the flaw could "potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system."

At this time, Symantec has only issued IDS signatures that will be able to detect attempts to exploit the vulnerability. Network Security Appliance 7100 signatures (SU 46), Gateway Security 3.0 signatures (SU 19) and Client Security 2.0 and 3.0 signatures (SU 22) have been made available via the software's live update feature.

The company recommends that customers adjust their software policies as long as the flaw is exposed to a potential exploit. Specifically, the firm said that companies should restrict access to administration or management systems to privileged users only, keep all operating systems and applications updated with the latest vendor patches and "run both firewall and antivirus applications, at a minimum to provide multiple points of detection and protection to both inbound and outbound threats."

Symantec also said that users should "be cautious visiting unknown or untrusted websites or following unknown URL links" and should not "open attachments or executables from unknown sources."